CVE-2023-25837
21.07.2023, 04:15
There is a Cross-site Scripting vulnerabilityin Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High.
| Vendor | Product | Version |
|---|---|---|
| esri | portal_for_arcgis | 10.8.1 ≤ 𝑥 ≤ 10.9 |
𝑥
= Vulnerable software versions